Messages

Just updated to 23.7.5.

Deleted all dummy interfaces "Physical NIC" "VLAN", checked WAN PPPoE is set to 1508 calculated MTU is 1500.
Upgrade to 23.7.5 and voila! 1500 MTU on PPPoE

Just tried this exact thing. Deleted PPPOEDMY so its now gone, checked that pppoeWAN had 1508 set as MTU. Calculated MTU said 1500.

Saved, rebooted. MTU under interfaces - overview still 1492. So not clear what else to do. Nothing works for me the same as other people.

"You just need to set the correct MTU in the WAN interface that the PPPoE is assigned to (heeding that the effective MTU on PPPoE is the "calculated" value displayed not the one entered)."

I am not clear what to do here. I have 2 interfaces for some reason. A "dummy" interface and a normal pppoe interface.
Am I clearing the config from one of them? If so which one and where am I inputting 1512? The dummy or pppoe interface?

Or am I deleting this dummy interface and setting 1508 on the pppoe interface?

Kind regards
Peter

Let's make sure a manual setting somewhere is not preventing it from adjusting correctly:

# opnsense-log | grep ifconfig

It should show errors regarding setting MTU. Then we could look at the config and find those offending values.

I'd also check the PPP device settings as under advanced they also have room to set MTU again...


Cheers,
Franco

Hi Franco,

Thank you for the reply. The output is nothing when I do this (first screenshot)

My advanced options has nothing set (second screenshot).

Kind regards
Peter

Literally dont know what else to change at this point. Ss simply show my last effort to get it working but pretty sure I have tried every permutation and setting values in all different places with no effect.

Last ss

Third ss

Second ss

Unsure how to progress this. Tried different values and settings but pppoe is always 1492 no matter what I do.

Here are my settings. Why does it not work?

On Opnsense Services - Dynamic DNS - Settings.
Click + to add a new entry.

Description : Up to you
Service: Cloudflare
Username: token
Password: API KEY CREATED IN CLOUDFLARE ACCOUNT
Zone: domain name in format example.com
Hostname: Full FQDN in format ddnsentry.example.com
Check IP method: Interface
Interface to monitor : WAN
Check IP Timeout: 10
Force SSL: YES

For API Key in Cloudflare click my profile, then api tokens.
Create token, use DNS template.
Need:
Zone , DNS, Edit
Zone, Zone, Read
Include - All zones.

Copy the API key and paste as the password in Opnsense.

Works 100%

Main thing is create a new local config for wireguard - MUST have routes disabled.
Then an endpoint must be created, and must successfully connect. 0.0.0.0/0 must be pushed across that.
Then a new WG interface must be created (virtual interface must exist) and create a single gateway with higher priority (so default traffic wont use it).


With this you now need very little to complete -
Aliases - the pc's or whatever you want to use the tunnel,
At least 1 firewall rule - that must match traffic before any other rules and have the new WG gateway set.
(eg: source could be your pc's in the alias you want to use the tunnel and destination any).

You dont need outbound nat or any floating rules or static routes if you configure it in this simple way.

Pete

Hi

I have found the issue. I normally check things from my phone as its just easier for me but I see now that checking from your phone produces different information for the zenarmor plugin, one of the bits of information being that all the servers are down. I happened to rarely be in the web interface from a pc and noticed everything was working that tipped me off. I believe I did not need to actually reinstall the entire package either and this was done based on the information being wrong displayed when using safari on an iphone.

P

Hi. No icmp works fine and this started being an issue a few updates ago. It always used to work fine. My entire network goes through my firewall and all traffic so I believe it's something else.

Unsure how to troubleshoot this. I just uninstalled and then reinstalled and changed to mongo db in the hope it would fix it but it still shows servers are down for cloud threat intel even in the setup as per below. How can I troubleshoot this? Unsure how to access logs. 


https://imgur.com/a/Lyu628m

You have to wait for an update to opnsense. When a problem is found there is a period of time that must pass between a solution being found to mitigate it and then that solution to then make it into the various applications that use it including opnsense so you are being informed of an issue in case its such a problem that you need to make another arrangement because you cannot wait (ie pay someone to code a fix for you immediately because its so critical no waiting is possible). Or like the rest of us you can wait if you are not in that situation.

So far adding the following IP's to zenarmor whitelist/exclusions seems to have fixed whatsapp:

1    102.132.100.62       
2    102.132.99.62       
3   Invalid, something else for different purpose.
4    157.240.19.52       
5    157.240.229.62       
6    157.240.240.62       
7    157.240.249.62       
8    157.240.254.12       
9    157.240.254.35       
10    157.240.254.62       
11    157.240.254.7       
12    31.13.66.53       
13    31.13.71.48       
14    31.13.80.12       
15    31.13.80.36       
16    31.13.80.8       
17    31.13.88.62